Linux server log management in detail

Source: Internet
Author: User
Tags: syslog

Logs are important for security: they record the many things that happen in the system every day, and you can use them to find the cause of an error or the traces an attacker left behind during an attack. The main functions of logging are auditing and monitoring. Logs can also be used to monitor system status in real time and to monitor and track intruders.

In a Linux system, there are three main log subsystems:

Connection time logs: written by several programs, which record to files such as /var/log/wtmp and /var/run/utmp. login updates the wtmp and utmp files so that system administrators can track who is logged on to the system.

Process accounting: performed by the system kernel. When a process terminates, a record for that process is written to the process accounting file (pacct or acct). The purpose of process accounting is to provide command-usage statistics for basic services in the system.

Error log: handled by syslogd(8). Various system daemons, user programs and the kernel report noteworthy events to the file /var/log/messages via syslog(3). Many other UNIX programs create their own logs, and servers that provide network services, such as HTTP and FTP, also maintain detailed logs.

The common log files are as follows:

access-log   records HTTP/web transfers
acct/pacct   records user commands
aculog       records modem activity
btmp         records failed login attempts
lastlog      records the most recent successful logins and the last unsuccessful login
messages     messages recorded from syslog (sometimes linked to the syslog file)
sudolog      records commands issued via sudo
sulog        records use of the su command
syslog       messages recorded from syslog (usually linked to the messages file)
utmp         records each user currently logged in
wtmp         a permanent record of each user's login and logout times
xferlog      records FTP sessions

The utmp, wtmp and lastlog log files are the key to most reusable UNIX log subsystems, keeping the records of users logging in and out. Information about currently logged-on users is recorded in the file utmp, login and logout records are kept in the file wtmp, and the last-login record can be viewed with the lastlog command. Data interchange, shutdown and restart events are also recorded in the wtmp file. All records contain a timestamp. These files (often lastlog) grow very quickly on systems with a large number of users. For example, wtmp can grow without bound unless it is periodically truncated. Many systems configure wtmp to be rotated daily or weekly, usually by a cron-run script that renames and recycles the wtmp files: at the end of the first day wtmp becomes wtmp.1, on the second day wtmp.1 becomes wtmp.2, and so on, up to wtmp.7.
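Because utmp, wtmp and btmp are binary files sharing one fixed-size record format, an auditor who wants more than what `last` prints (for example, to pair logins with logouts across a rotated wtmp.N series) has to parse those records. The following is an added example, not code from the original article; it assumes the 384-byte glibc `struct utmp` layout of x86_64 Linux, and the wtmp bytes it parses are constructed in the block itself rather than read from a real file.

```python
import struct

# glibc struct utmp on x86_64: 384 bytes, little-endian, no implicit padding with "<",
# so the 2 bytes after ut_type are written out explicitly. Assumption: x86_64 layout.
UTMP_STRUCT = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values for login and logout records


def _cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp_records(data):
    """Yield one dict per record from utmp/wtmp/btmp bytes; reject truncated files."""
    if len(data) % UTMP_STRUCT.size:
        raise ValueError("truncated file: size is not a multiple of %d" % UTMP_STRUCT.size)
    for off in range(0, len(data), UTMP_STRUCT.size):
        f = UTMP_STRUCT.unpack_from(data, off)
        yield {"type": f[0], "pid": f[1], "line": _cstr(f[2]),
               "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9]}


def sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same tty.
    Returns (user, line, host, duration_seconds); duration is None when no logout
    was seen (still logged in, or the logout landed in a rotated wtmp.N file)."""
    open_by_line, result = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            login = open_by_line.pop(r["line"])
            result.append((login["user"], login["line"], login["host"], r["time"] - login["time"]))
    for login in open_by_line.values():
        result.append((login["user"], login["line"], login["host"], None))
    return result


def build_record(ut_type, pid, line, user, host, ts):
    """Pack one record; used here only to construct sample data."""
    return UTMP_STRUCT.pack(ut_type, pid, line.encode(), b"", user.encode(),
                            host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)


# Constructed sample wtmp: alice logs in over the network and out an hour later,
# bob logs in on the console and has no logout record.
SAMPLE_WTMP = b"".join([
    build_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1700000000),
    build_record(USER_PROCESS, 1340, "tty1", "bob", "", 1700000100),
    build_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1700003600),
])

if __name__ == "__main__":
    for user, line, host, secs in sessions(parse_utmp_records(SAMPLE_WTMP)):
        print(user, line, host or "local", "still logged in" if secs is None else "%ds" % secs)
```

To audit a real host, replace SAMPLE_WTMP with the bytes of /var/log/wtmp (and wtmp.1 through wtmp.7, oldest first, concatenated) and compare the result with the output of `last`.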
